On Wednesday 2006-08-02 14:10 -0400, Doug Schepers wrote:
> Mr. Harold does not seem to care for the Access Control specification, using
> such colorful language as "colossally brain damaged" and "the single most
> broken security design I've seen in years".
>
> http://www.cafeconleche.org/oldnews/news2006May27.html
I think the complaint I'd take most seriously is the latter part of:
# At best this is a very poorly written specification that doesn'tt
# explain what it's actually trying to do.
It would be good if "cross-site scripting" appeared in the document
introduction rather than appearing only once in section three, since the
point of it (as I understand it) is to allow a page to relax cross-site
scripting restrictions on accessing it.
-David
--
L. David Baron <URL: http://dbaron.org/ >
Technical Lead, Layout & CSS, Mozilla Corporation